New Remote Flaw In 64-Bit Windows 7 284
Trailrunner7 writes "Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia. In a message on Twitter, a researcher named w3bd3vil said that he had found a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari. The exploit gives the attacker the ability to run arbitrary code on the victim's machine."
So all 5 of you running Safari on Windows (Score:5, Funny)
Watch out!
Re:So all 5 of you running Safari on Windows (Score:5, Insightful)
So, wait, is this a Win7 exploit or a Safari exploit?
Re:So all 5 of you running Safari on Windows (Score:5, Insightful)
Re: (Score:3, Informative)
Sounds like it is an exploit of an issue with a windows component, but it is currently only known to be exploitable through Safari.
If it's something only exploitable through Safari, then it's probably a Safari bug! Let's take a look at the original security advisory:
The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser.
So, they bl
Re:So all 5 of you running Safari on Windows (Score:5, Insightful)
The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser.
So, they blame win32k.sys - but apparently the actual bug is that you can cause something resembling a buffer overflow by feeding Safari a ridiculously large bit of data as an iFrame.
Could go either way.
Should go both ways.
Apple should fix the Safari bug so it doesn't mishandle IFRAMEs with "overly large" "height" attributes.
Microsoft should fix the in-kernel graphics code so you can't use it to break into the system.
Re:So all 5 of you running Safari on Windows (Score:4, Interesting)
Microsoft should fix the in-kernel graphics code so you can't use it to break into the system.
As a game developer, I need graphics code to be low level, fast, and insecure. There are times I just need it to be a rocketship without handrails.
If there is a way to secure it without sacrificing speed, that's great! But doing a great deal of error checking on that level? Leave me some insecure route to blitting billions of bits to the screen without guardrails please.
Re:So all 5 of you running Safari on Windows (Score:4, Insightful)
Microsoft should fix the in-kernel graphics code so you can't use it to break into the system.
As a game developer, I need graphics code to be low level, fast, and insecure. There are times I just need it to be a rocketship without handrails.
If there is a way to secure it without sacrificing speed, that's great! But doing a great deal of error checking on that level? Leave me some insecure route to blitting billions of bits to the screen without guardrails please.
Sure, as long as 1) only the applications that absolutely positively need this do their graphics through that API and other apps can't even get at that API under any circumstances (so if the app has a bug nobody can inject code to enable it) and 2) applications that do can be marked as "DANGER DANGER WILL ROBINSON IF THIS APP HAS A BUG YOU MIGHT BE SERIOUSLY PWNED". There might be a tradeoff between your requirements and the requirements of security, and the best resolution for that tradeoff might not be in your favor....
Re: (Score:3)
If Safari can do it, so can others who craft this type of object. Therefore it is a Windows 64 bit bug.
Yes, but if the fix to the Windows graphics subsystem means that whatever Safari's doing causes, instead, Safari to be terminated with an error (because it's doing something the Windows graphics subsystem doesn't want you to do), or to mis-display the HTML page in question, or something such as that, there's also a Safari bug there that should also be fixed.
Comment removed (Score:5, Informative)
Re: (Score:2)
I'm not gonna be loading a spare box with it and surfing porn vid sites
Well you get right on that. Let us know how the security "research" turns out Wally.
Re: (Score:2)
Re:So all 5 of you running Safari on Windows (Score:4, Informative)
There are 2 exploits here, one is in Safari which allows someone to at least crash the machine, the other is in win32k.sys which allows a user space program to take over the kernel (privilege escalation bug)
The win32k.sys bug is far more serious as it would give any program even run under a limited user account complete access to the system
Re: (Score:3)
If a program can get unlimited privileges then it's a bug in Windows. If Safari can do it, any piece of malware can too.
Re: (Score:3, Funny)
Re:So all 5 of you running Safari on Windows (Score:5, Informative)
Quote from Secunia advisory:
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges
Safari is apparently the only currently known browser where this attack could be vectored from.
Re:So all 5 of you running Safari on Windows (Score:5, Interesting)
64-bit windows requires no-execute on data pages (DEP), so there's no route you can cause data corruption and end up with executable code unless you have code running in the kernel to change the flags on the pages in memory.
If this is a theoretical exploit, the authors of it may not be that familiar with 64-bit Windows 7, or are running on a developer machine they explicitly disabled DEP.
Re: (Score:2, Interesting)
Well, there may be some Safari bug that allows an oversize iframe to be insterpreted as a script and interpreted, giving the place where the code can run, followed by some unrelated local priviledge escalation bug in Win7 for it to take advantage of.
Heck, security advisories come in "tweets" now? We're supposed to guess the problem from the first 140 characters of explanation, I suppose.
Re:So all 5 of you running Safari on Windows (Score:5, Informative)
Re:So all 5 of you running Safari on Windows (Score:5, Informative)
DEP is regularly beaten. The key is called "return oriented programming" (http://en.wikipedia.org/wiki/Return-oriented_programming), essentially oldschool "return to libc" on speed. It's a lot of painful work, but that's what it takes these days.
Re: (Score:2)
You are shitting me right? DEP can be trivially disabled - google for more information.
I think you're drank too much koolaid, much like the Microsoft security guy who told us "Windows 2008R2 64 bit will not load unsigned drivers, and will check itself every 15 minutes and bluescreen if it finds one".
Bull fucking shit - we found a very nasty little one that even Symantec couldn't find.
Re: (Score:3)
The problem is that DEP by default is not enabled on all applications. It's only enabled on apps that specifically request it. Safari/Firefox/Acrobat/Flash do not enable it fully.
In order to do so, you need to change the DEP behavior to enable it for all programs except those specifically excluded. I did this when I installed Win7 and have had little to no issues with DEP except for a game written for Win95.
Re:So all 5 of you running Safari on Windows (Score:5, Insightful)
Perhaps both, definitely a bug in win7. If something the unprivileged safari process does crashes the kernel, we know there must be a bug in win7.
Re: (Score:2, Informative)
FTFA:
"A vulnerability has been discovered in MicrosWindows 7oft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges," the Secunia advisory said.
Re:So all 5 of you running Safari on Windows (Score:5, Funny)
Re: (Score:2)
Re:So all 5 of you running Safari on Windows (Score:5, Informative)
No matter what Safari does, it shouldn't cause a crash in win32k.sys, so I'd go with Windows error via Safari error since there's probably other vectors that can also cause a crash in the same place.
Re: (Score:2, Insightful)
It didn't cause a crash, it allowed the execution of arbitrary code, which is probably worse.
We don't even know if the exploit occurred in the windows API, or some of the crapware that Safari drags along with it.
None of the other WebKit browsers can cause the same exploit so it may well not be in the core of safari at all, but rather in one of the helper drivers that get installed when you install Safari and iTunes, like Bonjour or ipod helper processes. Some of those things can't be easily sandboxed becaus
Re: (Score:2)
Neither the iTunes Helper nor Bonjour are drivers.
Re: (Score:2, Insightful)
Re: (Score:2)
But they are services running with system privileges. That makes them almost as dangerous as drivers if they are poorly coded.
Re: (Score:2)
It didn't cause a crash, it allowed the execution of arbitrary code,
No it didn't. Read the advisory again and note the part that says (emphasis mine)
"... Successful exploitation may allow execution of arbitrary code with kernel-mode privileges"
Re: (Score:3)
Any exploit that gives control to an unauthorized user so the can run arbitrary code is a OS exploit.
Re: (Score:2, Insightful)
Depends on the context that that code runs in. If the arbitrary code is running under the same context as the app, then it's an app exploit. If the exploit is able to run something in an Administrator or kernel context, then that's an OS exploit.
Re: (Score:3, Interesting)
Re: (Score:2)
there are a LOT of people who have to run iTunes for their iPod/iPad/iPhone in order to get updates. Those updates usually try to install Safari along with the rest of the patches.
It actually installed Safari once without asking, IIRC.
Re: (Score:2, Interesting)
An iframe is interpreted by the safari browser which has trust obviously (it's an .exe), so it's a safari vulnerability, article is mislabeled, or author never took sec 101.
Also 5 users is very generous, I have yet to see one, and I've seen my share. Most web developers make their salt without ever having to test on this browser for example.
Re: (Score:2)
Re: (Score:3)
Re:So all 5 of you running Safari on Windows (Score:4, Informative)
It's been audited, multiple times. The problem is that it's both truly immense (hundreds of public entry points, to say nothing of its internal functions) and a mishmash of code dating back to the early days of NT (NT 4 at least, maybe the 3.x versions too) up through new code for Win8. I have no idea how many source files compile into it. I got a (legit and very nearly complete) copy of the Win2K source for a university project, and even in that version (now 4 releases old), Win32k.sys was a terrifying thing to behold.
I once heard a Microsoft employee talking about the Stuxnet malware. He joked that it goet in through "this vulnerability called Win32k.sys - I mean, this vulnerability *in* win32k.sys..." They're quite aware of its problems. However, even when a bug is found, it's extremely difficult to fix it safely (I'm told that the average number of regressions during fixing a bug they find is greater than two, and each of those may cause more regressions when you try to fix them).
Re: (Score:2)
(NT 4 at least, maybe the 3.x versions too)
Win32k was introduced in NT4. Previously all the stuff was in user mode (in CSRSS).
Re:So all 5 of you running Safari on Windows (Score:5, Informative)
Re:So all 5 of you running Safari on Windows (Score:4, Insightful)
It shouldn't matter.
The OS simply should not melt because Apple can't code it's way out of a wet paper bag.
A real OS should simply not fall apart just because the users or programmers are idiots or malicious.
Re:So all 5 of you running Safari on Windows (Score:4, Insightful)
That's going to be one hell of a locked down OS. Will it be able to run anything at all?
Re: (Score:2)
Major studio games will be out, but pretty much everything else will still be on the table.
Re: (Score:2)
OpenBSD normally doesn't get this kind of exploits. I think there's been one remote exploit historically.
And plenty of people use openbsd as their desktops.
Re: (Score:3, Insightful)
Well so much for every operating system ever created.
Headline.. Flaw in APPLE Safari for windows found (Score:4, Insightful)
Re:Headline.. Flaw in APPLE Safari for windows fou (Score:5, Informative)
Re: (Score:3)
TFA suggests it allows kernel privileges, so it is certainly a Windows exploit. But it may also be a Safari bug too, it depends whether or not the data it is passing to the Windows API calls that are causing the exploit would be considered reasonable or not.
I wouldn't make that blanket assumption -- Apple installs a MASSIVE amount of crap into the system. A kernel exploit in Windows code is NOT the same as a kernel exploit in Apple code. A service, a device driver, a process running with admin rights without appropriate protections from user-space could all be a vector for a kernel exploit.
Re: (Score:3)
If the OS allows Safari to run any arbitrary code, or ANY software for that matter, then there is an OS problem.
Should Safari accept overlarge iFrame? no. That is also the problem.
Since Window is used far more then safari, and is a core componant of many systems, then putting it as a MS exploit is the responsible thing to do.
Re: (Score:3)
Re:Headline.. Flaw in APPLE Safari for windows fou (Score:5, Informative)
Addendum: <iframe height='18082563'></iframe> causes a BSoD by the Windows kernel so it is certainly a Windows bug. It would be trivial of Apple to hotfix it to prevent exploitation via Safari but any other application could theoretically exploit it and elevate their code. Of course it doesn't appear anyone else has actually gotten it to execute arbitrary code yet, despite the summary claim...
Re: (Score:2, Informative)
Addendum: <iframe height='18082563'></iframe> causes a BSoD by the Windows kernel so it is certainly a Windows bug. It would be trivial of Apple to hotfix it to prevent exploitation via Safari but any other application could theoretically exploit it and elevate their code. Of course it doesn't appear anyone else has actually gotten it to execute arbitrary code yet, despite the summary claim...
And likely won't -- Win7 64-bit requires DEP, so you can't corrupt a data page and end up executing code unless there's a defect in the CPU *or* you have code in the kernel to change the page type. And if you have code already in the kernel, you don't really need an exploit.
Its also not clear from the article if its corrupting kernel memory, or corrupting user memory. The driver crashing doesn't necessarily imply data in kernel space was corrupted, it just means the driver crashed for some reason.
Re: (Score:2)
because DEP is bug free?
Re: (Score:2)
Because DEP induces morons to believe they're now secure and protected forever.
Re: (Score:2)
Ugh... man, I hate to break it to you, but your "understanding" of the security technologies is *way* off.
First, DEP is trivial to bypass. Go research "return-oriented programming" and you'll find not only working exploits but even entire toolchains that can compile an arbitrary C program into a return-oriented stack that executes by controlling the program counter and stack frame (including local variables) to make a binary execute completely different instructions. (The mitigation here is ASLR, which has
Re: (Score:2)
*grumble grumble*
Of course it does. It's part of MS's plan to bring the "bang" back into C++. All this nonsense about buffer overflows and what not, that's just the managed code people trying to keep good programmers from realizing the speed and efficiency of a good, tightly written C++ program, which can compromise your machine in 10 seconds flat.
I have frequent, unkind thoughts for a company that scuttled a good migration to a nicer programming experience.
How about, instead of Windows 8, you finish the co
Re: (Score:2)
Re: (Score:2)
It seems unlikely this was found by accident, more likely by someone knowing about how the iframe would
be handled in windows and designing something purpose made to break that.
Not knowing how Safari is interfacing with windows, I can't guess if this is a problem in a windows API call or some tool-set used only by Safari. If none of the other Webkit browsers can trigger this bug it would seem more likely to be some safari specific middleware.
All 6 people using Safari on Win7 64bit should definitely avoid al
Re: (Score:2)
7 people.
I've been working on a (God help me) PHP implementation of a CalDav client for Davical, and Safari is one of the five or so browsers I've been testing it on.
Re:Headline.. Flaw in APPLE Safari for windows fou (Score:4, Interesting)
The only confirmed anything I've seen is someone can BSOD the computer. Which while a bug, not Remote Code Execute, just Denial of Service attack.
Since this problem only exists in Safari, either Chrome/IE/Firefox are sanitizing those inputs to prevent that from reaching Windows kernel.
Furthermore, since this x64 bug only, my guess is this issue was patched in 32 but for some reason, WOW64 isn't seeing it or catching it.
Re:Headline.. Flaw in APPLE Safari for windows fou (Score:5, Interesting)
The flaw seems to be in a call to a Windows API.
It is possible to trigger a memory error in the system file win32k.sys by accessing a crafted HTML file in Safari....According to webDEViL, the source of the vulnerability is the function NtGdiDrawStream.
So it is possible other programs could be affected. It is also possible that Safari itself handles the function in a broken manner. Note that Firefox appears to also have crashes related to that function (on x86 Windows, though, it's like the second Google result for that function). So, really impossible to say at this point. Also, they could only cause Windows to crash, not to run arbitrary code or anything. So far anyways.
Re: (Score:2)
Re: (Score:2)
BOOL NtGdiDrawStream(IN HDC hdcDst, IN ULONG cjIn, IN VOID* pvI);
So, simply speculating, this may be something like a ULONG going in, but it gets cast to a signed integer.
Re: (Score:2)
You must be new here if you think no-one says anything bad about Apple.
H-online also has the story. (Score:5, Informative)
http://www.h-online.com/security/news/item/Highly-critical-zero-day-vulnerability-in-Windows-discovered-1398625.html [h-online.com]
Wait... (Score:5, Funny)
Re: (Score:2)
I think you should have an actually professional look at your machine.
I run iTunes without any [problem on window7, x64. I also ran Safari for a while to check it out. It wasn't as good as Chrome so I ditched it.
And there is nothing special about the box I run them on.
It's an Apple exploit. (Score:3, Insightful)
Shouldn't the posting have the Apple graphic instead of Microsoft?
Re:It's an Apple exploit. (Score:4, Funny)
Nah. Easier to bash MS, this is /. after all. Critical thinking skills go out the Windows.
Re: (Score:2)
Since windows allows arbitrary code to run, and is used by about 85% of the market, there is nothing wrong with the headline.
I'm a PC! And An Apple! Exploit! (Score:2)
You insensitive clod.
I don't think I'd call this remote (Score:5, Insightful)
Remote to me means "it's connected, you're vulnerable". This requires the user to take an action, getting some local data. From the description, you could have the same files on the file system and it would work.
Bad? Yeah. But not "plug it in, computer is pwned" bad.
Obviously this proves that... (Score:5, Funny)
(check one)
[ ] Microsoft products are far less secure than Apple. Because everyone knows that Safari is completely safe always on Apple machines, and only fails on Windows.
[ ] Apple products are far less secure than Microsoft. Because obviously the hole in Microsoft security here is introduced through an Apple product, and really doesn't occur otherwise.
[ ] If people were just running Linux, they wouldn't be having these problems.
[ ] This is gonna be good. Ima gettin' my popcorn now!
Ah, the irony ... (Score:2)
It used to be that if my Mac crashed, I was in an MS program (word, powerpoint, IE back in the day) ... and now the roles have reversed.
Windows Classic not affected? (Score:5, Interesting)
After a bit bit of playing "let's intentionally crash Windows", it seems that using the Windows Classic skin fixes the bug, and the page renders fine (if a little uninteresting, it's basically a long page with a box on it). It BSODs on Windows Basic and Aero. I haven't a clue if this is a real fix, or if it's just that the magic number needed to crash the system is different with Windows Classic compared with Basic / Aero. Windows XP (32 bit) is fine as well (again page renders fine, no crashes of anything).
I personally think it's largely a Windows bug, even if Safari has a bug (that oddly only does anything on one version of Windows, and even then only with certain conditions), a programme doing something stupid should not crash the entire OS.
Annoying lack of details (Score:5, Informative)
For now it's unclear how bad is this, as the only concrete detail is Secunia's link to "original advisory" [twitter.com]
From digging around bug submitter's twitter [twitter.com]:
@igursev @therealsaumil not really an integer overflow. Otherwise 18082564 would have also worked ;-)
4 hours ago
w3bd3vil webDEViL @
@igursev It probably is, but not theoretically. In simpler terms, I can't build an exploit for it.
12 hours ago
@kernelpool yeah I tried with some help to get code execution but was beyond me...
19 Dec
@r3dsm0k3 Yeah. It's the NtGdiDrawStream which is being called multiple times...leading to a not so interesting crash.
18 Dec
<iframe height='18082563'></iframe> causes a BSoD on win 7 x64 via Safari. Lol!
18 Dec
So a) there's a bug in win32k.sys, tickled by Safari's (allegedly) incorrect API usage, so there's possibility of other exploits, b) "may lead to arbitrary code execution" means "we don't know yet, but we're playing safe", the only confirmed effect is BSoD by memory corruption.
Why the fuck there's so little about it, did nobody research yet what kind of memory corruption it actually does? The tweet's from 4 days ago, FFS.
is it public? (Score:2)
Re: (Score:3)
The Nt prefix seem to indicate it's part of Windows' Native (kernel) API. It isn't that well documented. Safari is probably going via the public Win32 API, which calls the Native API when kernel services are needed. It's a bit (kinda, sorta) like on Linux where a user programme won't usually directly call the kernel, but libc will call it when needed.
Re: (Score:2)
Re: (Score:2)
FYI I remember debugging a crashdump from this BSoD, and Safari was calling uxtheme which in turn calls this function that causes the BSoD.
Re:misleading headline (Score:4, Informative)
Safari is the only attack vector. This by definition is not a remote flaw as it requires you to do something to exploit a web browser, thus it is a 'local exploit'.
The web page can be remote, and can presumably gain control. You, the user, need do nothing but click a link, and might possibly be unaware that anything had happened.
Letting someone talk you into installing Safari also constitutes a Social Engineering exploit. So you might be right after all.
Re:misleading headline (Score:4, Funny)
Letting someone talk you into installing Safari also constitutes a Social Engineering exploit. So you might be right after all.
Apple attempts this "exploit" every time someone installs or updates iTunes for Windows.
Re:Does anyone read anymore? (Score:4, Informative)
This is Microsoft buggy code causing issue, Safari problem is merely one way to cause rooting of machine, other softwares using this service will undoubtedly provide more cases.
a) Yes, this is a bug in Windows. No question. Windows isn't validating the input, and should just reject it or throw an exeption or whatever. Crashing is not acceptable and represents a bug in windows.
b) This is also a bug in safari. Safari is not validating its input either. Its just blindly passing a request to create an 18million pixel tall iframe down to the Windows API somewhere...
c) Yes, other softwares will likely be found. But so far only safari is known to be in the unique position of using that API, passing it arbitrary remote content while failing to validate its input.
A bit of malicious code that explicitly does use that API actually has to get onto the local system first. Local exploits are much less serious than remote ones.
So yes, this is a windows bug. But it is also a safari bug. Both should be fixed.
Re: (Score:3, Interesting)
So yes, this is a windows bug. But it is also a safari bug. Both should be fixed.
So how does Safari know whether Windows can support an 18 million pixel high window without requesting one? If it's a valid value for the request, then an application should be able to assume that the OS will either fulfil the request or return an error, not execute arbitrary code.
Re: (Score:2)
So how does Safari know whether Windows can support an 18 million pixel high window without requesting one?
Safari knows what the screen resolution is. A request for a screen element like an iframe 10,000 times the height of of the screen clearly fails any reasonable sanity check you might think of. Its clearly a broken page, and should be rejected at that point.
Just as if I'm Safari for the iPhone and the page tries to allocate a 2 billion cell html table, i don't care even if its "legal and well formed htm
Re: (Score:2)
A request for a screen element like an iframe 10,000 times the height of of the screen clearly fails any reasonable sanity check you might think of.
And how am I supposed to look at this 30 gigapixel Longcat pic now? You insensitive clod!
Re: (Score:2)
A request for a screen element like an iframe 10,000 times the height of of the screen clearly fails any reasonable sanity check you might think of.
Never underestimated the size of a log file before opening it in an editor, huh? No, 0123456 is completely correct: it's the kernel's job to validate its function parameters. That doesn't mean Safari should be gratuitously throwing ridiculous values at it, but Safari should be able to without anything bad happening.
For example, you'll probably never need to printf("%1000000000000000s", &hugebuffer), but libc is required to tell you if you've asked it to do something dumb that it can't fulfill. It's righ
Re: (Score:2)
it's the kernel's job to validate its function parameters.
I never said otherwise.
That doesn't mean Safari should be gratuitously throwing ridiculous values at it, but Safari should be able to without anything bad happening.
And I agree with this too. Read the whole thread not just the last response. I said at least TWICE that I completely agreed it was a bug in windows ALSO.
My point here, is that EVEN if windows COULD fullfill this request, Safari should STILL be blocking it. My browser shouldn't open 18mill
Re: (Score:2)
At about 100 pixels per inch, that's about 180,000 inches. That's almost 3 miles. Also, if the image is 200 pixels across, you have 3.6 billion pixels. At three bytes per pixel (RGB), that's over 10 billion bytes. That's more than most people have in RAM plus swap. Shouldn't something check to see if the computer can handle such a request
Re:Silly (Score:5, Insightful)
Missing the point. Point is that userland code (and the example uses Safari but what should it matter *what* program activates it - it shouldn't be possible and can probably be easily activated by any sort of direct code) creates a BSOD in Windows.
That shouldn't happen - that's the whole point of an OS.
Re: (Score:3)
They just didn't as the right questions:
1) Does it affect other WebKit browsers (especially Chrome) as well?
2) If not, why should we give a shit?
Re: (Score:2)
1) Does it affect other WebKit browsers (especially Chrome) as well?
I am pondering this too.
Re: (Score:2)
Safari would seem to not handle the iframe exception, whereas IE, Firefox, Chrome, Opera DO? If this were a true windows exploit I would expect it to occur regardless of the browser.
Why do you think so? The browsers have different iframe code. Safari just happens to have code which in turn trips a Windows exploit. Ultimately the bug is not browser-related at all.
(Still, Safari could do a better job validating the input values, so there's kind of another bug.)
Re: (Score:3)
Did you have more than 4GB of RAM on this system before you installed 64-bit Windows? I was running with 6GB of RAM and seeing all sorts of crashes and nasties in 64-bit Linux, but nothing untoward in Windows. It turned out I had memory errors in the upper regions where 32-bit Windows could not reach.
Re: (Score:2)
Re: (Score:2)
It _is_ a Windows bug in kernel mode part of GDI, win32k.sys.
For Safari it's unclear, if it does something wrong to trip the bug win32k.sys - it's a bug in Safari as well, if it uses APIs as documented - they're just (un)lucky to trigger it.
Re: (Score:2)
Or better still use Chrome since Safari is a monstrous memory hog on OS X.
Re: (Score:2)
What if the only computer you have runs Microsoft Windows 7 64 bit, and you need to see how your web pages render in Safari?
Re: (Score:2)